 From:  "Alex M" <radiussupport at lrcommunications dot net>
 To:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Isolating users with managed switch
 Date:  Sun, 15 Jul 2007 19:12:25 -0400
Thanks for all replies; now I got more questions:

1. Is PVLAN proprietary to Cisco or are there some other switches that I can
afford? ;-)

2. If I create a VLAN tag for each user on mono, can I make my Captive Portal
work with that? So captive portal gets info to which VLAN group to put the

3. What is the difference between Static VLANs and Dynamic VLANs?


-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Sunday, July 15, 2007 3:15 PM
Cc: Monowall Support List
Subject: Re: [m0n0wall] Isolating users with managed switch

On 7/15/07, A dot L dot M dot Buxey at lboro dot ac dot uk <A dot L dot M dot Buxey at lboro dot ac dot uk> wrote:
> Hi,
> > I want to isolate users (Block NetBios so comps can't see each other, or
> > VLANs some how).
> >
> > I know if I want to do it with regular wired network I need to use
> > switch, but I never used them so what function will I need to block net
> > bios? How can I setup vlans to achieve same results? Any particular
> > for cheap prices?
> if you use VLANs you can simply put each user on a different one and
> not allow them to talk at the router. a simpler way is to just use
> a decent switch that has private VLAN or port separation function, e.g.
> Cisco 2950/2960 series which has 'switchport protected' so hosts
> can't see each other directly through the switch...or at all if you
> decide so as the VLAN termination/router.

Yeah that's also what I would recommend, PVLAN if you have Cisco
switches or others that support the same.

Alternatively, you could create a unique VLAN for every single port,
but that'd be a real pain to set up.

"The PVLAN edge (protected port) is a feature that has only local
significance to the switch, and there is no isolation provided between
two protected ports located on different switches. A protected port
does not forward any traffic (unicast, multicast, or broadcast) to any
other port that is also a protected port in the same switch.
Therefore, it provides isolation. Traffic cannot be forwarded between
protected ports at Layer 2. All traffic passing between protected
ports must be forwarded through a Layer 3 device."
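
The behaviour in the quoted PVLAN edge description, as an added example that is not part of the original thread: a small Python audit over a constructed port inventory that lists host-port pairs still able to exchange frames at Layer 2. The switch names, port names and the assumption that the switches are joined by unprotected uplinks carrying every VLAN are hypothetical.

```python
from itertools import combinations

# Constructed inventory (hypothetical names): (switch, port) -> (vlan, protected).
# Assumption: the switches are joined by unprotected uplinks carrying every VLAN.
HOST_PORTS = {
    ("sw1", "Fa0/1"): (10, True),
    ("sw1", "Fa0/2"): (10, True),
    ("sw1", "Fa0/3"): (10, False),   # port left unprotected
    ("sw1", "Fa0/4"): (20, False),   # a port on its own VLAN
    ("sw2", "Fa0/1"): (10, True),
}

def l2_reachable(a, b, ports):
    """Return a reason string if ports a and b can exchange frames
    at Layer 2 without passing a Layer 3 device, else None."""
    (sw_a, _), (sw_b, _) = a, b
    vlan_a, prot_a = ports[a]
    vlan_b, prot_b = ports[b]
    if vlan_a != vlan_b:
        return None  # separate VLANs: traffic has to be routed
    if sw_a != sw_b:
        # The protected flag has only local significance to one switch.
        return "different switches: protected flag is local only"
    if prot_a and prot_b:
        return None  # both protected on the same switch: not forwarded
    return "same switch: at least one port is not protected"

def audit(ports):
    """List every host-port pair that is not isolated at Layer 2."""
    findings = []
    for a, b in combinations(sorted(ports), 2):
        reason = l2_reachable(a, b, ports)
        if reason:
            findings.append((a, b, reason))
    return findings

if __name__ == "__main__":
    for a, b, reason in audit(HOST_PORTS):
        print(f"{a[0]} {a[1]} <-> {b[0]} {b[1]}: {reason}")
```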

